
Side by Side Diff: Source/platform/weborigin/SecurityOriginTest.cpp

Issue 27073003: CSP Suborigins Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Address many of mkwst's comments Created 5 years, 8 months ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2013 Google Inc. All rights reserved. 2 * Copyright (C) 2013 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 13 matching lines...) Expand all
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */ 29 */
30 30
31 #include "config.h" 31 #include "config.h"
32 #include "platform/weborigin/SecurityOrigin.h" 32 #include "platform/weborigin/SecurityOrigin.h"
33 33
34 #include "platform/RuntimeEnabledFeatures.h"
34 #include "platform/weborigin/KURL.h" 35 #include "platform/weborigin/KURL.h"
35 #include <gtest/gtest.h> 36 #include <gtest/gtest.h>
36 37
37 using blink::SecurityOrigin; 38 using blink::SecurityOrigin;
38 39
39 namespace { 40 namespace {
40 41
41 const int MaxAllowedPort = 65535; 42 const int MaxAllowedPort = 65535;
42 43
43 TEST(SecurityOriginTest, InvalidPortsCreateUniqueOrigins) 44 TEST(SecurityOriginTest, InvalidPortsCreateUniqueOrigins)
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 EXPECT_EQ(inputs[i].accessGranted, errorMessage.isEmpty()); 133 EXPECT_EQ(inputs[i].accessGranted, errorMessage.isEmpty());
133 } 134 }
134 135
135 // Unique origins are not considered secure. 136 // Unique origins are not considered secure.
136 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); 137 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique();
137 String errorMessage; 138 String errorMessage;
138 EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin(errorMessag e)); 139 EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin(errorMessag e));
139 EXPECT_EQ("Only secure origins are allowed. http://goo.gl/lq4gCo", errorMess age); 140 EXPECT_EQ("Only secure origins are allowed. http://goo.gl/lq4gCo", errorMess age);
140 } 141 }
141 142
143 TEST(SecurityOriginTest, Suborigins)
144 {
145 blink::RuntimeEnabledFeatures::setSuboriginsEnabled(true);
146
147 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("https://te st.com");
148 EXPECT_FALSE(origin->hasSuborigin());
149 origin->addSuborigin("foobar");
150 EXPECT_TRUE(origin->hasSuborigin());
151 EXPECT_EQ("foobar", origin->suboriginName());
152
153 origin = SecurityOrigin::createFromString("suborigin+foobar+https://test.com ");
154 EXPECT_TRUE(origin->hasSuborigin());
155 EXPECT_EQ("foobar", origin->suboriginName());
156
157 origin = SecurityOrigin::createFromString("sborigin+foobar+https://test.com" );
158 EXPECT_FALSE(origin->hasSuborigin());
159
160 origin = SecurityOrigin::createFromString("+foobar+https://test.com");
161 EXPECT_FALSE(origin->hasSuborigin());
162
163 origin = SecurityOrigin::createFromString("suborigin++https://test.com");
164 EXPECT_FALSE(origin->hasSuborigin());
165
166 origin = SecurityOrigin::createFromString("suborigin+https://test.com");
167 EXPECT_FALSE(origin->hasSuborigin());
168
169 origin = SecurityOrigin::createFromString("suborigin+foobar+https://test.com ");
170 EXPECT_DEATH(origin->addSuborigin("shouldhitassert"), "");
171
172 origin = SecurityOrigin::createFromString("https://test.com");
173 RefPtr<SecurityOrigin> suborigin1 = SecurityOrigin::createFromString("subori gin+foobar+https://test.com");
174 RefPtr<SecurityOrigin> suborigin2 = SecurityOrigin::createFromString("subori gin+bazbar+https://test.com");
175 EXPECT_TRUE(suborigin1->canAccess(suborigin1.get()));
176 EXPECT_FALSE(origin->canAccess(suborigin1.get()));
177 EXPECT_FALSE(suborigin1->canAccess(origin.get()));
178 EXPECT_FALSE(suborigin1->canAccess(suborigin2.get()));
Mike West 2015/04/13 10:03:35 Nit: I'd suggest splitting `canAccess` and `canReq
179
180 EXPECT_TRUE(suborigin1->canRequest(blink::KURL(blink::KURL(), suborigin1->to String())));
181 EXPECT_FALSE(origin->canRequest(blink::KURL(blink::KURL(), suborigin1->toStr ing())));
182 EXPECT_FALSE(suborigin1->canRequest(blink::KURL(blink::KURL(), origin->toStr ing())));
183 EXPECT_FALSE(suborigin1->canRequest(blink::KURL(blink::KURL(), suborigin2->t oString())));
184
185 origin = SecurityOrigin::createFromString("suborigin+foobar+https://test.com ");
186 EXPECT_FALSE(origin->canShowNotifications());
187 }
188
142 } // namespace 189 } // namespace
143 190
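Review bot: The Suborigins test turns the feature on with `blink::RuntimeEnabledFeatures::setSuboriginsEnabled(true);` (new line 145) and never restores it, so every later test in the same process runs with suborigins enabled, and no case here pins what `createFromString("suborigin+foobar+https://test.com")` returns while the flag is off. Restore the flag before the closing brace, for example `blink::RuntimeEnabledFeatures::setSuboriginsEnabled(false);` if off is the default, or move the set/restore into a fixture, and add a flag-off case. The `EXPECT_DEATH` on new line 170 presumably relies on an assertion inside `addSuborigin`, which is not visible on this page. If that assertion is compiled out in release builds, the death test will fail there and a second `addSuborigin` on an origin that already has one would go unchecked. Limit the death test to assertion-enabled builds and pin the release behaviour with its own expectation.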